A worrying security flaw has been discovered in Apple’s new OS X Lion operating system that will allow anyone to change your login password. The flaw allows any user on the system to modify the passwords of other local accounts very easily by accessing a system directory.
In OS X Lion, user passwords are encrypted and then stored in files called “shadow files”, which are placed in secure locations on the drive. Based on system permissions, the contents of these files can only be accessed and modified by the user, or by an administrator after they have provided authentication.
However, it seems that this protection does not hold, because OS X Lion keeps the password hashes in the system’s directory services, which any user can access.
Let’s hope Apple rolls out a patch quickly to address the issue. As always, we will keep you updated as more news is released.